United States Patent 

Janssen>et*al. 



[19] 



US005954817A 
[11] Patent Number: 
[45] Date of Patent: 



5,954,817 
Sep?r21^1*999« 



[54] APPARATUS AND METHOD FOR SECURING 
ELECTRONIC INFORMATION IN A 
WIRELESS COMMUNICATION DEVICE 

[75] Inventors: John Jerome Janssen, Round Lake 
Beach; Steven J. Olsen, Libertyville, 
both of m. 

[73] Assignee: Motorola, Inc., Schaumbiirg, 111. 

[21] Appl. No.: 08/775,656 
[22] Filed: Dec. 31, 1996 

[51] Int. Cl.^ G06F 12/14 

[52] U.S. CI 713/200; 340/825.31; 340/825.34 

[58] Field of Search 340/825.31, 825.34; 

380/3, 4, 25, 30; 395/186, 187.01, 188.01, 

200.59 

[56] References Cited 

U.S. PATENT DOCUMENTS 

4,590,552 5/1986 Guttag et al 711/163 

4,698,750 10/1987 Wilkie et al 365/185.04 

5,379,212 1/1995 Sarner et al 705/412 

5,432,950 7/1995 Sibigtroth 711/163 

5,488,631 1/1996 Gold et al 380/34 

5,552,776 9/1996 Wade et al 340/825.31 

5,771,348 6/1998 Kubatzki et al 395/186 



FOREIGN PATENT DOCUMENTS 
WO 93/10498 5/1993 WIPO . 

Primary Examiner— Rohtri W, Beausoliel, Jr. 
Assistant Examiner— Picm E. Elisca 
Attorney, Agent, or Firm — Mark D. Patrick 



[57] 



ABSTRACT 



An apparatus (200) for securing electronic information (205) 
includes a microcontroller (202) and an external memory 
(204) coupled thereto. The ^cfacoBtrol ler,(202ycomprises^ 
a one-4ime^p.rogrammableTse5urit3^^ 
g rgmmed _whea^thc electromc4nformation^205)-is^tored in 
{l| Sp^^ D^f fe,(2Q^ ) . Once programmed, the security flag 
^prevents'reprogramming of the memory (204). Additionally, ^ 
the microcontroller (202) coraE^^ianfalg^^m|(i,^^^at \ 
g e ner a tes ^lc<^i enktaufeep^ | 
the ^electromc»i^ <y^Bationf(gQS)^If^^ I 
ma tiQ ii«(2()>7 ^»i^ i ^redrtn ftfaetmemGr^^ along with the ^ 
«eteGtrofiiS»iHfd^rmati0!Si(^O6). Upon retrieval from the 
memQry-i 20il-LfcyL^e g istr:atj on:»tfaeitetectron^ 
f205) js^m heati cajgdjw *gencratmg; dagw^ 
tica tioayjaf f^rmatjonf^SOS^ivialthgiatgoritfamt^ 



mefflORV^^j-)^uch authentication prevents swapping out 
of the memory (204) to gain system access. 

26 Claims, 4 Drawing Sheets 



200 



222. 



228 



202 



208 



MICROPROCESSOR 



226 



3 



218 



PROGRAUUING 
INTERFACE 



220' 



ONE-TIME PROGRAMMABLE ROM^^^ Q 



ESN SECURITY BIT 



CONFIGURATION ROM 



211 



SECRET KEY 



^232 



MASK PROGRAM ROM 



212 



MESSAGE AUTHENTICATION PROGRAM 



^254 



RAM 



214 



_ TEMPORARY JS][ 
"temporary MAC 



^238 



-216 



EXTERNAL MEMORY INTERFACE 



-236 



204 




205 



207 



03/12/2004, EAST Version: 1,4.1 



U.S. Patent Sep. 21, 1999 sheet 1 of 4 5,954,817 



FIG.1 m. 




104 



\\/m 

^110 116 118 ^114 

CONTROLLETp-^l U/I | 



TRANSCEIVER 



222. 



FIG. 2 joo. 

^202 



208 



MICROPROCESSOR 



226—^ 



228 



7 



218 



PROGRAMMING 
INTERFACE 



220- 



ONE-TIME PROGRAMMABLE ROM^-^^ Q 



ESN SECURITY BIT 



CONFIGURATION ROM 



SECRET KEY 



6 



MASK PROGRAM ROM ^^ 12 



MESSAGE AUTHENTICATION PROGRAM 



234 



RAM 



2M 



_ TEMPORARY JS_N 
'temporary MAC 



238 



216 



EXTERNAL MEMORY INTERFACE 



-236 

204 
206 \ 

EEPROM 




205 



207 



03/12/2004, EAST Version: 1.4.1 



U.S. Patent Sep. 21, 1999 sheet 2 of 4 5,954,817 



FIG. 3 



( START > 




RECEIVE ESN TO BE PROGRAMMED AND STORE 
IN RAM AS TEMPORARY ESN 



508 



GENERATE MAC FOR ESN 
AND STORE IN RAM 



310 



STORE ESN AND MAC IN 
EEPROM UN-ENCRYPTED 



312 



PROGRAM ESN SECURITY BIT 



504 



03/12/2004, EAST Version: 1.4.1 



U.S. Patent 



Sep. 21, 1999 Sheet 3 of 4 



5,954,817 



FIG. 4 

308 




03/12/2004, EAST Version: 1.4.1 



U.S. Patent 



Sep. 21, 1999 



Sheet 4 of 4 



5,954,817 



FIG. 5 



500 



( START y 



506 




NO 



502 



NO 



RETRIEVE ESN AND MAC FROM 
EEPROM AND STORE IN RAM 



508 



GENERATE NEW MAC 
FOR ESN STORED IN RAM 




TRANSMIT AUTHENTICATED ESN 



^ ^504 
( END ) 



03/12/2004, EAST Version: 1.4.1 



5,954,817 

1 2 

APPARATUS AND METHOD FOR SECURING FIG. 4 is a functional block diagram illustrating a method 

ELECTRONIC INFORMATION IN A employed by the apparatus of FIG. 2 for generating an 

WIRELESS COMMUNICATION DEVICE authentication code associated with the electronic informa- 

tion of FIG. 3; and 
FIG. 5 is a flowchart illustrating a method employed by 



HELD OF THE INVENTION 



The present invention relates generally to a wireless the apparatus of FIG. 2 to authenticate the electronic infor- 

communication device and more particularly to electronic mation of FIG. 3. 
information stored in a wireless communication device. 

DETAILED DESCRIPTION OF THE 

BACKGROUND OF THE INVENTION PREFERRED EMBODIMENTS 

Wireless communication systems have become increas- ^ apparatus for securing elecu-onic information includes 

ingly common. In such systems, a subscriber uses a local aj^yGlameimemot^^anaiarim memory 

communication device, such as a portable cellular telephone, ^Seraafly coupled to the microcontroller, the microcon- 

to communicate with a remote communication device, such ^^^^^^ cgpjpj^sfaionenimejpTp^rWm'ablefsec^^^ 
as a cellular base station. Communication is accomplished is isipreg tammc^ww^ faenithgielectrQniciinfoimatiQmis^^ 

via the transmission of radio frequency (RF) signals between .thcfmem&tyr Once programmed, the ^curi lv^aa^^Tevents 

the local device and the remote device. rep£ografflming.of4be«naenaolfy. Additionally, the microcon- 

To initiate communication, the local device communi- troUer comprises aH«eDCcy ption« alg0rithmMtfaai»generatesv^ 

cates electronic information, such as an electronic serial elcctroaicgauthepticatioimnf ormatiQB^urjn g^pFjogramming 1 

number (ESN), to the remote device for registration. Upon pf^the-electconic infocmation. ..The electronic authentication J 

receipt, the remote device determines whether the local ii^ornution»isistorcd»iMtfeimemoiy#ak>nggy^t^^ f 

device is permitted to make calls in the system based on the tronie*inf6rffi5lieti. Upon retrieval from the memory for 

ESN. Aside from being used for limiting system access only reg istrMioa -the.elcctronie»iii fonnation,is^uthcntigate.d^ v 

to authorized users, the ESN is used for billing subscribers gepe£atingtn6W^lectfonicfautheBticatiQQfin formation>via.theL 

for calls made over the system. eneiypto»algorithni«to>CGmpar«»td^he^elgfctroniG»autheQti- 

In many wireless communication systems, the ESN is cadon»infGimationiStored^ith§injemoiy>Such authentica- \ 
transmitted to the remote device in an un-encrypted manner tion p^^ ents»sw a pjping^Ut^f*tfi^mcinoryM I 
and, thus, it is not secret and is susceptible to receipt by an 5^5S5*FffUi;f iluTlfife tlre-previbiM^'pp'ilratu^^ 
unauthorized party. The unauthorized party may engage in ap oaratu s ^(£cures..eIfictror aCfinf<3imatiQniinia»m^ |" 
fraudulent activity by programming the electronic informa- na LtQ.a^micr ocoatroUer. \ 
tion into, and making counterfeit calls via, a local device. communication system 100, shown in FIG. 1, corn- 
Such fraud results in billing authorized subscribers for calls ^^^^ remote and local communication devices 102 and 104 
they did not make. that communicate via a wireless communication link 106. In 

In the past, the risk of fraud was reduced by storing the the illustrated embodiment, the remote and local devices 102 

ESN in a non-volatile memory device within a semiconduc- and 104 are a cellular base station and a cellular 

tor device, such as an integrated circuit. More specifically, radiotelephone, respectively, and the wireless link 106 com- 

the ESN was stored in an EEPROM (electrically erasable prises RF signals. The local device 104 includes an antenna 

programmable read only memory) that was internally dis- 108, a transceiver 110, a controller 112, and a user interface 

posed in a microcontroller employed by the local commu- 114. The user-interface 114 typically includes a microphone, 

nication device. In operation, the EEPROM could not be aspeaker, a keypad, a display, and an external test connector, 

accessed via the pinouls of the microprocessor and, thus, w^en the local device 104 is in a powered-on state, the 

could not easily be reprogrammed or replaced with a j^p signals of the wireless link 106 are received by the 

"cloned" ESN. antenna 108 and converted by the transceiver into receive 

However, combining an EEPROM on the same integrated 45 data signals, which are coupled to the controller 112 via bus 

circuit as a microcontroller is very expensive. The semicon- 116. The controller 112 processes the received data and 

ductor manufacturing processes capable of providing non- voice signals that are further coupled, via bus 118, to the user 

volatile memory devices are expensive relative to those interface 114 for output. Voice and data input to the user 

processes capable of providing logic circuitry only. Also, interface 114 is coupled to the controller 112, via bus 118, 

where the non-volatile memory and the logic circuitry are for processing into transmit data signals. The controller 112 

combined in a single microcontroller, yield reductions due to outputs the transmit signals on bus 116 for conversion by the 

non-volatile memory programming failures can greatly transceiver 110 and emission by the antenna 108 as the RF 

increase the expense of the finished product. signals of the wireless link 106. 

Therefore, what is needed is an apparatus and method for The controller 112 includes an apparatus 200, shown in 
securing electronic information, such as an ESN, that does 55 FIG. 2. The apparatus 200 includes a microcontroller 202 

not require the use of a non-volatile memory device pack- and an EEPROM 204. The EEPROM 204 interfaces to the 

aged within a microcontroller device. microcontroller 202 via a serial format. The EEPROM 204 

BRIEF DESCRIPTION OF THE DRAWINGS !f ^^"^^^ ^ 1°=*'^° electronic mformation. In the 

illustrated embodiment, the electronic information is an 

FIG. 1 is a block diagram illustrating a wireless commu- electronic serial number (ESN) 205 consisting of a 32 binary 

nication system employing remote and local communication bit number. The ESN 205 uniquely identifies the local device 

devices; 104 of FIG. 1 and is used by the local device 104 of FIG. 1 

FIG. 2 is a block diagram of an apparatus employed in a to gain authorized access to the communication system 100. 

controller of the local communication device of FIG. 1; The EEPROM 204 of FIG. 2 also includes a location for 

FIG, 3 is a flowchart illustrating a method employed by 65 storing electronic authentication infonmation used to authen- 

the apparatus of FIG. 2 for programming electronic infor- ticate the electronic information. In the illustrated 

mation therein; embodiment, the electronic authentication information is a 



03/12/2004, EAST Version: 1.4.1 



5,954,817 



10 



15 



message authentication code (MAC) 207 consisting of a 32 

binary bit number. 

Theimi^rocontroUer 202 tomprises'aTiiicfoprocessor 2087 

a o|65ifflfiH>f<^g'^t'3^^J^^^^^^4^ 
p-cGQfiguratiollROM*2il, a niask program ROM 212, a RAM 
(random-access memory) 214, an external memory interface 
216, and a programming interface 218. The microprocessor 
208 is coupled to the programming interface 218 via serial 
bus 226, which is internal to the microcontrolle r 202. T he 
miCTpproccssor-208;:thc:dnSst3mc:progFammable'ROM^^ 
th6^ccmfigurati6nvit©M^ll, the-mask-programJ ROM j l2, 
the RAM 2L4,-andrthe-€xt5raarmemory interface 216 are 
cofi^S5^^^raon^I>arailei:busr220, which is internal to 
the microcontroller 202. The microprocessor 208 is coupled 
to the transceiver 110, other circuitry of the controller 112, 
and the user interface 114 via bus 222, which extends 
outside of the microcontroller 202. The programming inter- 
face 218 is coupled to the user interface 114 via bus 228, 
which extends outside of the microcontroller 202. Busses 
222 and 228 may form sub-busses of busses 116 and 118 of 20 
FIG. 1. TbescxtefnSHfi'einoi^tiirferface^^ 
cou^|d_^Jii6:£EBR^3M3204^\ek=bus-206r^which=extends 
outside of the microcontroller 202. The microcontroller 202 
is preferably fabricated in a single integrated circuit using 
known semiconductor fabrication techniques. 

The microprocessor 208 is a parallel device that operates 
responsive to program instructions and data for controlling 
the apparatus 200. The program instructions are electronic 
information stored in the mask program ROM 212 or a ROM 
(not shown) externally coupled to the microcontroller 202. 
The data is electronic information preferably stored in the 
configuration ROM 211 and the RAM 214. Via the common 
bus 220, the microprocessor 208 accesses the one-time 
programmable ROM 210, the configuration ROM 211, the 
mask program ROM 212, and the RAM 214 to retrieve 
electronic information, such as the program instructions and 
data, therefrom; to execute program instructions therein; to 
store electronic information therein; and the hke. All biis 
transactions involving the common bus 220 are not visible 
outside of the microcontroller 202. The one-time program- 
mable ROM 210, the mask program ROM 212, and the 
RAM 214 can not accessed outside of the microcontroller 
202. 

llte-one-time^progr^maBle^OM^210nrichid^arloca^ 
ti onjor-storij^ :a:secPiity:flas:fonpreventingrepro0'aLmnJin^ 
qf:the:eleCtronicJnfornratiDn>In the illustrated embodiment, 
the security::fiag^s::ajTdESN^se&urityr 
on6cWa^l5iFnurabcr.rA binary "one" in the ESN security 
bit 2S^d^ates^haUhe^ 

programmefEtoSeS^^^i^JX^inary "zero" in the 
ESN securit y bit 230 injicaig jhajjbe _E^N_205_and-the 
MAG::207-havQ[gt^^ 

204. The~ESFrie^rity bit 230 is Itorednn'The one-time 
progrffimable^I^rGM~2lO:duriiigrprGgrammingrof-the'elec- 
tronic-informationras:fiuther:deseribe^ 
programmable ROM 210 may be implemented~by:::a=fuse 
bank^or;other:^ae;tinie:pr73grainm^le:technoiog^^ 

T he-con fi guration j^QMr211 includes a location for stor- 
ing.anffigypjionjcey-usedjn-the:gcii c c 
auth enticati on-informatiom In the illustrated embodiment, 
the encryi)tion^eyj%:a"secret"key^32^TOnsisting:of6^^ 
bits:that=conip"iserarraiidom^56^binary:bitniurnber-ana^n 8 
binary^toichecksum^-^e^secieirkeyr?^ 
configuration:RQM-211~dtmDg4abFication-of. ± 
troUerr202Fsu^ch:as"ar-wafeT^obe;Using4as^^ 
hnk-techniqu'CSTrTo-ensure security of the ^crettkey^32r'the 
microcontrcdler_202-disables.accesscs:to4he^s^^ 
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wbye-exe^ting^nrodeiexternaljo^tbe^^ 

21^. Such security measures are further described in U.S. 

patent application Ser. No, 08/730,188, "Microcontroller 

Which Limits Access to Internal Memory", filed in behalf of 

Dorsey et al. on Oct. 14, 1996, and assigned to Motorola, 

Inc. 

The mask program ROM 212 includes a location for 
storing instructions for authenticating the electronic infor- 
mation. In the illustrated embodiment, the instructions are a 
message authentication program 234. The message authen- 
tication program 234 is preferably stored in the mask 
program ROM 212 during fabrication of the microcontroller 
202. 

The RAM 214 provides locations for temporary storage of 
the electronic information and the electronic authentication 
information during programming and authentication pro- 
cesses described further below. In the illustrated 
embodiment, the electronic information is temporarily 
stored in the RAM 214 as a temporary ESN 236 comprising 
a 32 binary bit number and the electronic authentication 
information is temporarily stored in the RAM 214 as a 
temporary MAC 238 comprising a 32 binary bit number. 

The external memory interface 216 provides compatibil- 
ity between the microprocessor 208 and the EEPROM 204. 
The external memory interface 216 converts electronic 
information output by the microprocessor 208 from a par- 
allel format on bus 220 into a serial format on bus 206. 
Likewise, the external memory interface 216 converts elec- 
tronic information retrieved from the EEPROM 204 via bus 
206 from a serial format into a parallel format on bus 220. 

The programming interface 218 permits programming of 
the electronic information into the apparatus 200. The pro- 
gramming interface 218 provides compatibility between the 
microprocessor 208 and an external programming fixture 
(not shown) that detachably couples to the external test 
connector of the user interface 114. In the illustrated 
embodiment, the programming interface 218 converts the 
electronic information output by the external programming 
fixture from a proprietary protocol, such as the three- wire 
bus protocol or the DSC (Digital Speech Control) protocol, 
on bus 228 into a serial format on bus 226. Likewise, the 
programming interface 218 converts electronic information 
output by the microprocessor 208 from a serial format on 
bus 226 into the proprietary protocol on bus 228. 

The:electronic-infojmationJy^ 
ratus-2601ac^^ing4p^arme^ The 
method of FIG. 3 is described hereinbelow in conjunction 
with FIG. 2. The method is performed by the microprocessor 
208 as part of its program instructions. The method is 
initiated upon attachment of the programming fixture to the 
programming interface 218 (via t he user interfa cejl4_and 
bus^22S) and-receptioff^f an^ESN program command from 
the^prpgramming^flxture^(aLblock 30 0) ^^U pon jecepjion of 
thercoffim*md,-the-microprQC»ss»j^208^eadi31ie^ESN:s^ 
rity-t)it'230~from:thg:one4ime^pro^ (at 
Sock'302)7If the ESN security bit-230-is:a:binaTy:^Jone^"(i-e-, 
the ESN:seeurity-^it 230^has;aljrea^ 
niicroprocessor2087esponds:to:the:ESN-piGgram:comiSan 
by"h^altin^this:subs«3uent;:attempt:t^^ 
the^EERROM"-204-(at-bto^ 

Iflhe ESN security bit 230 is a binary "zero", the 
microprocessor 208 proceeds to program the EEPROM 204. 
The miCTOprocessor 208 responds to the ESN program 
command by receiving an ESN from the programming 
fixture and temporarily storing this ESN in the RAM 214 as 
the temporary ESN 236 (at block 306). The microprocessor 
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208 generates a MAC associated with the temporary ESN FIG. 1 for registration on the communication system 100. If 

236 and stores this MAC in the RAM 214 as the temporary registration is not accomplished, no calls can be made or 

MAC 238 (at block 308). received by the local device 104. Prior to transmitting the 

Tli^temporary31AC jaS Js-generaled-acC5raing::to> a ESN 205 to the remote device 102, the apparatus 200 of FIG, 
meMJiUmtrated in FIG. 4. The meth od - is e mbodied in the 5 2 authenticates the ESN 205 according to a method illus- 

m'ess^ge^tiSnti^tion:pTogram:234:^rFIjG^ stor^ in the irated in FIG. 5. Authentication minimizes the oppornmity 

ma^tP_rogpm~ROM721^^The message authentication pro- for fraudulent use of the ESN 205 in the local device 104 or 

gr ^234 is execu ted^fr om4h&-ma sk:program-ROM:212.by other local devices for use in the communication system 

^e^:miHOprpce^r:?Mjm joO. The method of FIG. 5 is described hereinbelow in 

gtanilM^omPI^^ an auth-entication-algorithm 4^^^ conjunction with FIG, 2. The method is embodied in the 
4 The authentication dgomta^-is^en^^ authentication program 234 stored - in the mask 

rithm^^at^nerAt^lectrpmc^amhe^^ ,^0M 212. Ihc message authenUcation program 

from^electromcrmform^^ 234 is executed from the mask program ROM 212 by the 

In the illustrated embodiment, the authentication algo- microprocessor 208. Cbntrol of the execution of the message 
rithm 400 is^e^DaU^AutheSlication^^ ^5 authentication program 234 is secured by means described 
defined by the National Instimte of Standards of the U.S. ^.S. patent application Ser. No. 08/730,188, previously 

pjpaitoent'of ^Cornmerce:^in-OT ation^ ^ • ^ 

Processing Standards) Pubhcation No. 1137 The DAA uses „' . r— r-i-j 

* 1^ *• o. J J /¥-»rc\ J u., .u- KT„t- 1 The-method:is initiated during a-power-up sequence of the 

the Data Encryption Standard (DES) defined by the National , — . ^oa u tu ?• — - 

t . ro/ J J r.u TIC T-k -* /^cn «™ local-device-104-when-the,messagerauth6ntication:program 

Institute of Standards of the U.S. Department of Commerce ^^^r— — - — ^ cckt — 7^ j / *u 

in FIPS PubUcation No. 46-1. To generate the temporary 234rre«iv^r.a.t^N^a«Jh^^^^^ 

MACim^lhT^i^t^^^^rlOS tctni^^s-X^'s^U-^ m«rGpnjc<^rr208:(at block 500). Upon recepUon of the 

J^^^ !u £ oi^m* J - * *u ♦ coramand,-the-message-authentication-prograra-234-dir6Cts» 

232 from the configuration,ROM,211_and-mputs-the-secret . • — r—*-— — ^^nV: a^,u ^-L-.-^m-^ 

1^ ^1-^-^— :3 — t-jIt am * 4L .u «• 1 thecmicroprQccssor -20a- tQ~reaartherESNrsecunty^bit-230^ 

ke v-232-andr:anrES N_word 402 to the authentication algo- ^ ^- — wi nr^xji -liA / * ui i cm\ 

rit hm 400 * '"•"**===*=-^-^ — — — ° frona4he-one^time_progj^^^ 

^ * ... T^T.^ . T-„xT J 4r,^ If a binary "zero" is read (i.e., the ESN security bit 320 has 

For compatibihly with the DES, the ESN word 402 programmed), the message authentication program 

comprises a 64 bit bmary number or a multiple of a 64 bit 234-halts.authentication-aDd:flags:the^microprocessorr208:to 

bmary number In one embodmient, the 1^^^^ prey^nl^^trati^-(al¥lockr5,04). ^ " 

generates.the,ESNjvord402.by-appending32-bmary-^-'zero" ^ . . T. . . ^ . ^, 

bitrtrFhT^^flhrfeS^oTary^ESN 236. In another 3^ If ^^binaiy^oj^^^ 

embodiment, the microprocessor 208 appends a message. ^^e ESN secunty bit 230 has been programmed) die mes- 

such as a hash code, to the end of the temporary ESN 236. sagerauttohcaUonip^ 

A hash code is a condensed representation of a larger the..ES.Mr^205> The messag^^enU.»cpiT>g?am^^^ 

message. One example of the hash code would be a 32 ^.^^^^iSr^^'^^'^p-^T^^^ 

binary bit check sum generated from the contents of the 33 ^^^^^^^^^l^?^^^ 

mask program ROM 212. Another example would be a and=the^Ivt^G^207-^ 

message digest generated in accordance with the Secure temporal MAC_^orespectiveIy^^ in the RAM 214 (at 

Hash Algorithm (SHA-1) defined by the National Institute of ^^^^^ 506). The message authentic ation:programr234:direc^ 

Standards of the U.S. Department of Commerce in FIPS ^teP-^QRIPeeBSO'-^^^^^ 

Publication No. 180-1. The message digest is a 160 binary tempQrarycrESN-236-(abMgck^5(^S):^^^^ 

bit number generated by the SHA-1 from any message up to genegi^j£l||ma^ 

2^ binary bit numbers in length, such as the program ^ ^^^^ generaUon of4he::iesporary_I^Gr238jdurin^ 

instructions stored in the mask program ROM 212 or the programmmg^That is, the authenUcation algorithm 400 

ROM (not shown) external to the microcontroller 202, Any generales~-the™w.MAG^from-the-temporaryrESN=236^ and 
changes to the message (i.e., the program instructions of the 45 the:secret:key-232. 

mask program ROM or the external ROM) will result in the Once generated, the message a uthentjca yon^program'-^^ 

generation of a different message digest. Once generated, the direg^Jb ejnicrg processoi^^ 

message digest can be stored in the EEPROM 204. with-the-temporaay~MAC:238-(aihWGe^^^ new 

Although the DAA, the DES, and the SHA-1 are prefer- MAC and the temporary MAC 238 do not match, the 
ably employed in the illustrated embodiment, one skiUed in 50 message-authentication_-pxo^ 

the art wiU recognize that other cryptographic algorithms soL208^to^prevent=regi^ation-(atrblockr504). If the new 

can alternatively be used to generate the electronic authen- MAC and thezt^oraiy::MA&-238rare4he;SamertherESNr^ 

tication information and, thus, "algorithm" as used herein 205-is:authenticated> The message authentication program 

shall refer to each of these and their equivalents. 234 flagS:the,DiiCTgpiocessOTb20^ 

Referring back to FIGS. 2 and 3, once the temporary 55 tion^ni^smitztberESN^?^^^^ 

MAC 238 is generated, the microprocessor~208-stores the block 512). Once the microprocessor 208 is flagged to 

temporary-ESN-236-and-th-ri^porary MAC 238jnjhe transmit the ESN 205, the method of authenticalmg the ESN 

EEPROM"204'^th"rESN'2053nd'the-MAC:207,-respec- 205 is concluded (at block 504). 

tiveI>r(at block-310)rTtie^ESN 205 and the MAC207 stored Although illustrated in a cellular radiotelephone, pro- 
^in.aie.EEPROM;204-are-not-encryptedrThrmicroprocesK)r 60 gramming and authenticating electronic information as 

^208l>rograms_the^ESN-sccurityrbit"230rinztfa6zon e=time described herein will also find apphcation in cordless 

pro gramm ableiROM^ltodSa^^ telephones, two-way radios, trunked radios, pagers, personal 

b^ock 312). Once the ESN security bit 230 is programmed, digital assistants, and the like, and "device" as used herein 

the method-of-programming^tfie^lectfonicrinfc^ shaU refer to each of these and their equivalents, 
concluded (at block 304). 65 Although the present apparatus and method is shown to 

Prior to making calls, the local device 104 of FIG. 1 must secure an ESN in an external memory device, one skilled in 

transmit the ESN 205 of FIG. 2 to the remote device 102 of the art will recognize that other electronic information, such 
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as program instructions stored in a ROM external to the 
microcontroller, could be similarly secured. By associating 
the program instructions in the ROM with both a security 
flag contained in the microcontroller and electronic authen- 
tication information stored in the ROM and performing 
authentication on the program instructions during the power- 
up sequence of the communication device, unauthorized 
reprogramming and swapping out of the external ROM can 
be deterred. 

Thus, it can be seen that fraudulent use of electronic 
information to gain access to a communication system, such 
as a cellular radiotelephone system, can be minimized even 
if the electronic information, such as an ESN, is stored 
un-encrypted in a memory device, such as an EEPROM, 
external to a microcontroller integrated circuit. By employ- 
ing a one-time programmable security bit in the 
microcontroller, reprogramming of the ESN is prevented. 
By employing a random, secret key-based authentication 
algorithm that creates and requires an association between 
the ESN and electronic authentication information, such as 
a MAC, system access can not be achieved by swapping out 
the EEPROM with another EEPROM containing a different 
ESN and MAC. 

What is claimed is: 

1. An apparatus for securing electronic information in a 
wireless communication device, the wireless communica- 
tion device for use in a wireless communication system, the 
apparatus comprising: 

an external memory for storing the electronic information, 
the electronic information for use by the wireless 
communication device to establish communication 
with the wireless communication system; and 

a microcontroller coupled to the external memory, the 
microcontroller comprising a programming interface 
and a one-time programmable memory for storage of a 
security flag, the microcontrofler, upon determining 
that the security flag has not been previously pro- 
grammed and receiving the electronic information at 
the programming interface, storing the electronic infor- 
mation in the external memory and programming the 
security flag to indicate storage of the electronic infor- 
mation in the external memory, and the 
microcontroller, upon determining that the security flag 
has been previously programmed, preventing repro- 
gramming of the external memory. 

2. An apparatus according to claim 1 wherein the micro- 
controller further comprises an internal bus, the internal bus 
for transacting communications within the microcontroller, 
said communications not visible outside of the microcon- 
troller. 

3. An apparatus according to claim 2 wherein the micro- 
controller further comprises a mask program memory 
coupled to the internal bus, the mask program memory 
storing an authentication algorithm, and the microcontroller, 
upon receiving the electronic information at the program- 
ming interface, executing the authentication algorithm to 
generate electronic authentication information from the 
electronic information. 

4. An apparatus according to claim 3 

further comprising an external bus coupled to the external 
memory; and 

wherein the microcontroller further comprises an external 
memory interface coupled between the internal bus and 
the external bus, and the microcontroller stores the 
electronic authentication information in the external 
memory. 
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5. An apparatus according to claim 3 wherein 

the microcontroller further comprises a configuration 

memory storing an encryption key, 
the electronic information is an electronic serial number 

(ESN), 

the electronic authentication information is a message 

authentication code (MAC), and 
the authentication algorithm uses the encryption key and 

the ESN as input information and generates the MAC 

as output information. 

6. An apparatus according to claim 5 wherein 

the ESN is input to the authentication algorithm as an 
ESN word having a multiple of a 64 bit number, and 

the secret encryption key is a 64 bit number consisting of 
a random 56 bit number and an 8 bit checksum. 

7. A An apparatus according to claim 1 wherein the 
microcontroller is fabricated in a single integrated circuit. 

8. An apparatus according to claim 1 wherein the elec- 
tronic information stored in the external memory is 
un-encrypted. 

9. An apparatus according to claim 1 wherein the elec- 
tronic information is an electronic serial number (ESN). 

10. An apparatus for securing electronic information in a 
wireless communication device, the wireless communica- 
tion device for use in a wireless communication system, the 
apparatus comprising: 

an external memory storing the electronic information and 
electronic authentication information associated 
therewith, the electronic information for use by the 
wireless communication device to establish communi- 
cation with the wireless communication system; and 

a microcontroller coupled to the external memory, the 
microcontroller comprising a program memory storing 
an authentication algorithm, the microcontroller, upon 
request from the wireless communication device to 
establish communication with the wireless communi- 
cation system, retrieving the electronic information and 
the electronic authentication information from the 
external memory, executing the authentication algo- 
rithm to generate new electronic authentication infor- 
mation from the retrieved electronic information, for- 
warding the electronic information for establishing 
communication with the wireless communication sys- 
tem when the new electronic authentication informa- 
tion matches the retrieved electronic authentication 
information, and preventing forwarding of the elec- 
tronic information for establishing communication with 
the wireless communication system when the new 
electronic authentication information does not match 
the retrieved electronic authentication information. 

11. An apparatus according to claim 10 wherein the 
microcontroller further comprises an internal bus, the inter- 
nal bus for transacting communications within the 
microcontroller, said communications not visible outside of 
the microcontroller. 

12. An apparatus according to claim 11 wherein the 
microcontroller further comprises a configuration memory 
coupled to the internal bus, the configtu-ation memory stor- 
ing an encryption key for use by the authentication algo- 
rithm. 

13. An apparatus according to claim U 

further comprising an external bus coupled to the external 

memory; and wherein 
the microcontroller further comprises an external memory 

interface coupled to the internal bus and the external 

bus, and 
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the microcontroller, upon generating the authentication 
information, transfers the electronic information and 
the electronic authentication information from the 
external memory for authentication in the microcon- 
troller. 

14. An apparatus according to claim U wherein 

the microcontroller further comprises a one-time pro- 
grammable memory coupled to the internal bus, the 
one-time programmable memory storing a security 
flag, and 

the microcontroller, prior to retrieving the electronic 
information and the electronic authentication informa- 
tion from the external memory, determining that the 
security flag has previously been programmed to indi- 
cate storage of the electronic information and the 
electronic authentication information in the external 
memory. 

15. A wireless communication device according to claim 
10 wherein the microcontroller is fabricated in a single 
integrated circuit. 

16. An apparatus according to claim 10 wherein the 
electronic information stored in the external memory is 
un-encrypted. 

17. An apparatus according to claim 10 wherein the 
electronic information is an electronic serial number (ESN). 

18. An apparatus according to claim 17 wherein 

the microcontroller further comprises a configuration 

memory storing an encryption key, 
the new electronic authentication information is a new 

message authentication code (MAC), and 
the authentication algorithm uses the encryption key and 

the ESN as input information and generates the new 

MAC as output information. 

19. An apparatus according to claim 18 wherein 

the ESN is input to the authentication algorithm as an 
ESN word having a multiple of a 64 bit number, and 

the secret encryption key is a 64 bit number consisting of 
a random 56 bit number and an 8 bit checksum. 

20. A wireless communication device having a power-on 
state and for use in a wireless communication system, the 
wireless communication device comprising: 

an antenna; 

a transceiver coupled to the antenna; 
a user interface; and 

a controller coupled to the transceiver and the user 

interface, the controller comprising: 

an external memory storing an electronic serial number 
(ESN) in an un-encrypted form and electronic 
authentication information associated with the ESN, 
the ESN for use by the wireless communication 
device to obtain registration on the wireless commu- 
nication system, and 

a microcontroller coupled to the external memory, the 
microcontroller comprising: 

a one-time programmable memory storing a security 
flag, 

a program memory storing an authentication 
algorithm, and 

a microprocessor coupled to the external memory, 
the one-time programmable memory, and the pro- 
gram memory, the microprocessor, responsive to 
initiation of the power-on state and determination 
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the external memory, authenticating the ESN 
using the authentication algorithm, and, once 
authenticated, coupling the ESN to the transceiver 
for transmission in the wireless communication 
5 system. 

21. A wireless communication device according to claim 

20 wherein the microcontroller authenticates the ESN by 
executing the authentication algorithm to generate new 
electronic authentication information from the retrieved 

10 ESN, and forwarding the retrieved ESN for transmission 
when the new electronic authentication information matches 
the retrieved electronic authentication information. 

22. A wireless commimication device according to claim 

21 wherein 

35 the microcontroller further comprises a configuration 
memory storing an encryption key, 
the new electronic authentication information is a new 

message authentication code (MAC), and 
the authentication algorithm uses the encryption key and 
the ESN as input information and generates the new 
MAC as output information. 

23. An apparatus according to claim 22 wherein 

the ESN is input to the authentication algorithm as an 
ESN word having a multiple of a 64 bit number, and 
the secret encryption key is a 64 bit number consisting of 
a random 56 bit number and an 8 bit checksum. 

24. A wireless communication device for use in a wireless 
communication system, the wireless communication device 
comprising: 

an antenna; 

a transceiver coupled to the antenna; 
a user interface; and 

a controller coupled to the transceiver and the user 
interface, the controller comprising: 
a microcontroller comprising: 
a programming interface; 

a one-time programmable read-only memory (ROM) 
for storing an electronic serial number (ESN) 
security flag; 
a configuration ROM for storing a secret key; 
a mask program ROM for storing a message authen- 
tication program; 
a random-access memory (RAM) for storing a tem- 
45 porary ESN and a temporary message authentica- 

tion code (MAC); 
an external memory interface; 
a microprocessor coupled to the programming 
interface, the one-time programmable ROM, the 
50 configuration ROM, the mask program ROM, the 

RAM and the external memory interface; and 
an electronically erasable programmable read only 
memory (EEPROM) external to the microcontroller, 
the EEPROM coupled to the external memory 
55 interface, the EEPROM for storing an ESN and a 

MAC. 

25. A wireless communication device according to claim 
24 wherein the microprocessor, upon receiving an ESN 
program command at the programming interface, deter- 

60 mines that the security flag is not programmed with a value 
indicating prior storage of an ESN in the EEPROM, receives 
the ESN at the programming interface, stores the ESN in the 
RAM as the temporary ESN, executes the message authen- 



35 



40 



tication program to generate the MAC for the temporary 
that the security flag indicates that the ESN is 65 ESN, stores the MAC in the RAM as the temporary MAC, 
stored in the external memory, retrieving the ESN stores the temporary ESN in the EEPROM as the ESN, 
and the electronic authentication information from stores the temporary MAC in the EEPROM as the MAC, 
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and programs the security flag of the one-time program- 
mable memory to indicate storage of the ESN in the 
EEPROM. 

26. A wireless communication device according to claim 
25 wherein the microprocessor, upon receiving an ESN 
authentication command, determines that the security flag is 
programmed with a value indicating prior storage of the 
ESN in the EEPROM, retrieves the ESN and the MAC from 
the EEPROM, stores the ESN in the RAM as the temporary 
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ESN, stores the MAC in the RAM as the temporary MAC, 
executes the message authentication program to generate a 
new MAC for the temporary ESN, compares the new MAC 
to the temporary MAC, and provides the temporary ESN to 
the transceiver for transmission in the wireless communica- 
tion system when the new MAC matches the temporary 
MAC. 
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